2011 Demonstration of Program Outcomes
MS in Information Assurance & Security

Source: Aggregated outcome assessment results from 2011 capstone courses.


Analyzes information security governance throughout the organization.

0% Non-Performance: Does not explain how information security governance is managed within an organization.

11% Basic: Explains how information security governance is managed throughout the organization; considers leadership, organization, or processes in information security governance, but not all three.

56% Proficient: Analyzes information security governance throughout the organization; examines leadership, organization, and processes in information security governance, relative to business operations.

32% Distinguished: Thoroughly analyzes information security governance throughout the organization; assesses leadership, organization, and processes in information security governance, relative to business operations;, references industry standards and best practices.

Evaluate information security practices.

0% Non-Performance: Does not identify information security practices or explain their purpose.

12% Basic: Identifies information security practices and explains their purpose, including software and network architectures.

52% Proficient: Evaluates the purpose, effectiveness, and contextual application of information security practices, including software and network architectures.

36% Distinguished: Thoroughly evaluates the purpose, effectiveness, and contextual application of information security practices, including software and network architectures; references industry standards and best practices.

Analyze emerging threats and countermeasures.

0% Non-Performance: Does not recognize emerging threats or countermeasures.

13% Basic: Recognizes emerging threats and countermeasures, but does not consider specific risks and issues for the organization.

53% Proficient: Analyzes emerging threats and countermeasures, considering specific risks and issues for the organization.

34% Distinguished: Analyzes and prepares for emerging threats and countermeasures; describes strategies for identifying, analyzing, and responding to them.

Applies security management principles.

0% Non-Performance: Does not describe security management principles.

12% Basic: Describes security management principles, including those related to incident response and risk review.

53% Proficient: Applies security management principles, including those related to incident response and risk review, and understands their purpose and application strategies.

35% Distinguished: Applies security management principles, including those related to incident response and risk review, and thoroughly understands their purpose, application strategies, and impact on security management.

Assesses the use of control mechanisms in information security.

0% Non-Performance: Does not describe the use of control mechanisms in information security.

12% Basic: Describes the use of control mechanisms in information security, but does not assess their role in the industry or their application in organizations.

54% Proficient: Assesses the use of control mechanisms in information security, including role in the industry, costs and benefits, and contextual efficacy.

34% Distinguished: Assesses the use of control mechanisms in information security, including role in the industry, costs and benefits, and contextual efficacy, and makes recommendations to advance use for improved security, value in the industry, and ROI opportunities.